Posted to java-dev@axis.apache.org by "Suresh Attanayake (JIRA)" <ji...@apache.org> on 2013/01/24 21:23:13 UTC
[jira] [Updated] (RAMPART-385) Rampart does check username token password (via callback), even though "NoPassword" was specified in Security Policy
[ https://issues.apache.org/jira/browse/RAMPART-385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Suresh Attanayake updated RAMPART-385:
--------------------------------------
Attachment: policy-1.2-UT.xml
> Rampart does check username token password (via callback), even though "NoPassword" was specified in Security Policy
> --------------------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-385
> URL: https://issues.apache.org/jira/browse/RAMPART-385
> Project: Rampart
> Issue Type: Question
> Environment: JBoss 5.1.2
> Axis2 1.6.2
> Rampart/Rahas 1.6.2
> Reporter: Simon Jongsma
> Attachments: policy-1.2-UT.xml, RAMPART-385.patch
>
>
> A Policy was specified on a web service as such:
> <sp:SupportingTokens>
>   <wsp:Policy>
>     <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>       <wsp:Policy>
>         <sp:NoPassword/>
>       </wsp:Policy>
>     </sp:UsernameToken>
>   </wsp:Policy>
> </sp:SupportingTokens>
> If the request contains username token + password in security header, I would expect (hope) Rampart to ignore
> the password or complain that a password is present (I'm not sure about the meaning of NoPassword in this respect).
> Anyway: Rampart will go into the password callback and require us to supply the value.
> Is this correct?
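An added example (not part of the original message and not Rampart code): a stand-alone check that flags a UsernameToken carrying a wsse:Password element when the policy asserts sp:NoPassword. It assumes the WS-SecurityPolicy 1.2 reading that NoPassword means the Password element must not be present in the token; the namespace URIs, the user name and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions; the issue's snippet does not show its declarations.
NS = ('xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" '
      'xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" '
      'xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/'
      'oasis-200401-wss-wssecurity-secext-1.0.xsd"')

# Policy shape from the issue, IncludeToken attribute omitted for brevity (constructed).
POLICY = f"""<sp:SupportingTokens {NS}><wsp:Policy>
  <sp:UsernameToken><wsp:Policy><sp:NoPassword/></wsp:Policy></sp:UsernameToken>
</wsp:Policy></sp:SupportingTokens>"""

def security_header(with_password):
    """Constructed wsse:Security header for a hypothetical user 'alice'."""
    pw = "<wsse:Password>not-a-real-secret</wsse:Password>" if with_password else ""
    return (f"<wsse:Security {NS}><wsse:UsernameToken>"
            f"<wsse:Username>alice</wsse:Username>{pw}"
            f"</wsse:UsernameToken></wsse:Security>")

def local(elem):
    """Element name without its {namespace} part."""
    return elem.tag.rsplit("}", 1)[-1]

def policy_forbids_password(policy_xml):
    """True if any UsernameToken assertion in the policy contains NoPassword."""
    root = ET.fromstring(policy_xml)
    return any(local(d) == "NoPassword"
               for ut in root.iter() if local(ut) == "UsernameToken"
               for d in ut.iter())

def violations(policy_xml, header_xml):
    """Usernames whose token carries a Password although the policy says NoPassword."""
    if not policy_forbids_password(policy_xml):
        return []
    # Real traffic is untrusted input: parse it with a hardened parser (e.g. defusedxml).
    header = ET.fromstring(header_xml)
    found = []
    for tok in header.iter():
        if local(tok) != "UsernameToken":
            continue
        if any(local(c) == "Password" for c in tok):
            found.append(next((c.text for c in tok if local(c) == "Username"), None))
    return found

if __name__ == "__main__":
    print(violations(POLICY, security_header(True)))
    print(violations(POLICY, security_header(False)))
```

A check like this can run in a handler ahead of the password callback, so a message that violates the policy is rejected or logged instead of silently triggering password validation.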